How to Remove File Encrytion Trojan/Ransomware (Removal Guide)

This forum is committed to providing guides to remove spyware, adware, trojans, worms, and other forms of malware.

How to Remove File Encrytion Trojan/Ransomware (Removal Guide)

Postby Sophia » 2012-09-17 1:39

Attention! All your files are encrypted! Is this alert displaying on your computer screen? Pay that 50 Euros via Ukash or Paysafeguard to e-mail or not? Read this post to figure it out and get rid of the Trojan.Ransom.HM to decrypt the important personal files.

“Attention! All your files are encrypted! " is totally a fake one, solely for online tricks by cybercriminals to extort money. Also detected as Trojan.Ransomware.HM, this malware targets people who like to use file-sharing services, like download movies, music and other stuff. Program is found to encrypt the files on victim computer and in addition, 50 euros is required to restore them. If you try anything to restore or decrypt, the encrypted files will be directly deleted. That is a nasty trick.

Similar File Encryption Virus/Ransomware Infection:ACCDFISA Protection Program Virus

This ransomware Trojan is spread via illegal copies of music, movies and other files in most cases. Once executed, it drops some files that can’t be executed normally and additionally displays the alert saying that there are illegal programs found on your PC. Besides, this Trojan encrypts all extensions by adding EnCiPhErEd to file extension and tends to change default icons to a pink common icon (as shown below)

Every folder on the target PC is usually renamed to “HOW TO DECRYPT FILES.txt” and included this message:
The targeted extensions include .jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .rar, .zip, .mdb, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .txt, .pdf, .avi, .flv, .lnk, .bmp, .1cd, .md, .mdf, .dbf, .mdb, .odt, .vob, .ifo, .mpeg, .mpg, .doc, .docx, .xls, and .xlsx.

In some case, the application makes a wide variety of personal documents inaccessible by encrypting them and asks for even more than 50 Euros to restore them to their original form.

Symptoms of File Encrytion Ransomware Infection

This ransomware will drop a warning text file each infected folder.


"Attention! All your files are encrypted!
You are using unlicensed programms!
To restore your files and access them,
send code Ukash or Paysafecard nominal value of EUR 50 to the e-mail
During the day you receive the answer with the code.
You have 5 attempts to enter the code. If you exceed this date all data is irretrievably spoiled. Be careful when you enter the code!"

It will add .EnCiPhErEd extension to every infected files and replace the icon with a pink logo.


There will appear a warning pop up message if users attempt to run any encrypted files. Attention! All your files were encrypted! To decrypt files, please enter correct password!


How to Get Rid of Remove File Encryption Virus from Your Computer? –Removal Guide

1. Run the infected computer in safe mode with networking.

2. Download, Install and run the antimalware tool-Anvi Smart Defender to full scan the computer system and then remove detected virus.

direct download link:

3. Restart your computer to normal and check the status.

If any question in the process, please feel free to get in touch.

Any practices or experiences, share it with us below.
User avatar
Anvisoft Staff

Anvisoft Staff
Posts: 589
Joined: 2012-04-16 3:32

Return to Malware Removal Guide

Random Threads
ThreadThread StarterViews
How to Delete ClixSense Toolbar from Web Browser IE/FF/Chrome?Ivy3465
How to Remove Pop-up Ads? (Adware Removal Guide)Frances1959
How to Remove Pop-up Ads?(Adware Removal Guide)Frances4010
How to remove Search-Gol Homepage and redirect from IE/FF/Chrome? ( Uninstall Guide)Ivy63041
How to Remove Trojan-Downloader.JS.Agent.gsv (Removal Guide)Autumn9261

Who is online

Users browsing this forum: No registered users